Cybersecurity News that Matters

North Korean hackers leverage online games to distribute malware, Microsoft reveals

Designed by Areum Hwang, The Readable

by Kuksung Nam

May 30, 2024
9:44 PM GMT+9

A new North Korean hacking group has allegedly developed an online game and sent compromised emails to their targets while posing as game developers and investors, according to a statement from a United States tech giant on Tuesday.

In a recent blog post, Microsoft Threat Intelligence announced that a new North Korean hacking group had been discovered, one that the company dubbed “Moonstone Sleet.” Microsoft has been developing a system of classification that correlates threat actors from specific regions of the world with weather themes. For example, North Korean threat actors are referred to as “Sleet,” while Russian and Chinese hacking groups are tagged with the names “Blizzard” and “Typhoon,” respectively.

The company stated that the hacking group has been carrying out a wide range of financially motivated operations and cyberespionage campaigns that align with the objectives of the North Korean government. The report provided detailed information on malicious activities detected since last February, involving a self-developed, fully functional, downloadable game titled “DeTankWar,” also known as “DeTankZone,” “DeFiTankWar,” or “TankWarsZone.”

An X account named “DetankZone” uploaded a 16-second video last March showing four tanks fighting in a forest-themed battleground. This account shared nearly identical profile images with the account identified as Moonstone Sleet in the Microsoft Threat Intelligence blog. Source: The Readable

According to Microsoft Threat Intelligence, North Korean hackers sent malicious emails with a link to download the game. Upon being opened, this link would compromise the victim’s device, enabling hackers to steal vital information. To deceive their targets, the hackers impersonated game developers or high-ranking officials from a blockchain company, soliciting additional workforce or investment partners for their play-to-earn game project.

The tech giant explained that the hacking group created game websites and multiple social media accounts to add a layer of superficial legitimacy to their identity. One X account, titled “DetankZone,” shared nearly identical profile images with the account disclosed in the report. The user posted a 16-second video showing four tanks fighting in a forest-themed battleground. The report also noted that the software included features typical of games of this kind, such as a player registration protocol accompanied by an invitation code.

Beyond producing and distributing malicious games, Moonstone Sleet further attempted to infiltrate multiple legitimate companies by posing as software developers. The report did not disclose the names of the companies that were targeted by the hacking group. It did, however, note that the North Korean hackers attacked a defense technology company in December 2023 to steal credentials and various other intellectual property. Furthermore, the report revealed that the hackers deployed custom ransomware against the company last April in an attempt to disrupt the company’s operations.

“Moonstone Sleet’s ability to conduct concurrent operations across multiple campaigns, the robustness of the malicious game, and the use of a new custom ransomware variant are strong indications that this threat actor may be well-resourced,” stated the report. “It will continue to mature, develop, and evolve, positioning itself as a preeminent threat actor conducting sophisticated attacks on behalf of the North Korean regime.”

